Arch Linux

TheMohawkNinja

Member

Registered: 2017-07-11

Posts: 39

[SOLVED] SSH into Windows permission denied

Hello,

I am trying to give my Arch machine the capability to SSH (via OpenSSH) into a Windows 10 machine. I've gotten it to the point where it will connect to the Windows 10 machine, however when I put in the password for the user, I receive a "Permission denied, please try again." error.

• I made sure that the user wasn't attached to a Microsoft account to avoid potential authentication issues (it's just a straight username and password).

• I logged in to the user's account in-case the profile would need to be generated.

• I have tried both setting the user as a standard and administrator account.

• I have made sure that port 22 is open on inbound traffic on the Windows 10 machine.

Unless the router is blocking local SSH access (which I won't have the ability to check until Monday due to currently renting a router from my ISP which I discovered means I can't do any configurations to said router), I have run out of things that I can think of to look for.

Last edited by TheMohawkNinja (2018-07-14 23:50:03)

ewaller

Administrator

From: Pasadena, CA

Registered: 2009-07-13

Posts: 20,057

Re: [SOLVED] SSH into Windows permission denied

Post the actual output of the ssh command.
When you first tried, did ssh tell you that it could not verify the authenticity of the machine, and did you want to add the fingerprint of that machine to your known hosts?  Did you?
This sounds like Windows "security" is rejecting the long in request.  Check your logs on windows and see if it blocked a log on attempt

---

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

TheMohawkNinja

Member

Registered: 2017-07-11

Posts: 39

Re: [SOLVED] SSH into Windows permission denied

Post the actual output of the ssh command.

ssh root@192.160.0.2
root@192.168.0.2's password:
Permission denied, please try again.

When you first tried, did ssh tell you that it could not verify the authenticity of the machine, and did you want to add the fingerprint of that machine to your known hosts?  Did you?

Yes, I did add the fingerprint to the known hosts list, as I was prompted to.

This sounds like Windows "security" is rejecting the long in request.  Check your logs on windows and see if it blocked a log on attempt

Event Viewer seems to contradict what's happening. It records the key check, a successful login of the user, and then an immediate logout of the user.

An account was logged off.

Subject:
	Security ID:		Ben_PC\root
	Account Name:		root
	Account Domain:		Ben_PC
	Logon ID:		0x25AC185

Logon Type:			2

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

------------------------------------------------------------

An account was logged off.

Subject:
	Security ID:		Ben_PC\root
	Account Name:		root
	Account Domain:		Ben_PC
	Logon ID:		0x25AC1A7

Logon Type:			2

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

------------------------------------------------------------

Special privileges assigned to new logon.

Subject:
	Security ID:		Ben_PC\root
	Account Name:		root
	Account Domain:		Ben_PC
	Logon ID:		0x25AC185

Privileges:		SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege

------------------------------------------------------------

An account was successfully logged on.

Subject:
	Security ID:		SYSTEM
	Account Name:		BEN_PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3E7

Logon Information:
	Logon Type:		2
	Restricted Admin Mode:	-
	Virtual Account:		No
	Elevated Token:		No

Impersonation Level:		Impersonation

New Logon:
	Security ID:		Ben_PC\root
	Account Name:		root
	Account Domain:		Ben_PC
	Logon ID:		0x25AC1A7
	Linked Logon ID:		0x25AC185
	Network Account Name:	-
	Network Account Domain:	-
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x1640
	Process Name:		C:\Windows\System32\svchost.exe

Network Information:
	Workstation Name:	BEN_PC
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		Advapi  
	Authentication Package:	MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

------------------------------------------------------------

An account was successfully logged on.

Subject:
	Security ID:		SYSTEM
	Account Name:		BEN_PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3E7

Logon Information:
	Logon Type:		2
	Restricted Admin Mode:	-
	Virtual Account:		No
	Elevated Token:		Yes

Impersonation Level:		Impersonation

New Logon:
	Security ID:		Ben_PC\root
	Account Name:		root
	Account Domain:		Ben_PC
	Logon ID:		0x25AC185
	Linked Logon ID:		0x25AC1A7
	Network Account Name:	-
	Network Account Domain:	-
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x1640
	Process Name:		C:\Windows\System32\svchost.exe

Network Information:
	Workstation Name:	BEN_PC
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		Advapi  
	Authentication Package:	MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.

------------------------------------------------------------

An account was successfully logged on.

Subject:
	Security ID:		SYSTEM
	Account Name:		BEN_PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3E7

Logon Information:
	Logon Type:		2
	Restricted Admin Mode:	-
	Virtual Account:		No
	Elevated Token:		No

Impersonation Level:		Impersonation

New Logon:
	Security ID:		Ben_PC\root
	Account Name:		root
	Account Domain:		Ben_PC
	Logon ID:		0x25AC1A7
	Linked Logon ID:		0x25AC185
	Network Account Name:	-
	Network Account Domain:	-
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x1640
	Process Name:		C:\Windows\System32\svchost.exe

Network Information:
	Workstation Name:	BEN_PC
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		Advapi  
	Authentication Package:	MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

------------------------------------------------------------

An account was successfully logged on.

Subject:
	Security ID:		SYSTEM
	Account Name:		BEN_PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3E7

Logon Information:
	Logon Type:		2
	Restricted Admin Mode:	-
	Virtual Account:		No
	Elevated Token:		Yes

Impersonation Level:		Impersonation

New Logon:
	Security ID:		Ben_PC\root
	Account Name:		root
	Account Domain:		Ben_PC
	Logon ID:		0x25AC185
	Linked Logon ID:		0x25AC1A7
	Network Account Name:	-
	Network Account Domain:	-
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x1640
	Process Name:		C:\Windows\System32\svchost.exe

Network Information:
	Workstation Name:	BEN_PC
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		Advapi  
	Authentication Package:	MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

A logon was attempted using explicit credentials.

Subject:
	Security ID:		SYSTEM
	Account Name:		BEN_PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3E7
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
	Account Name:		root
	Account Domain:		Ben_PC
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Target Server:
	Target Server Name:	localhost
	Additional Information:	localhost

Process Information:
	Process ID:		0x1640
	Process Name:		C:\Windows\System32\svchost.exe

Network Information:
	Network Address:	-
	Port:			-

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

------------------------------------------------------------

Cryptographic operation.

Subject:
	Security ID:		SYSTEM
	Account Name:		BEN_PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3E7

Cryptographic Parameters:
	Provider Name:	Microsoft Software Key Storage Provider
	Algorithm Name:	RSA
	Key Name:	Ssh-Rsa
	Key Type:	Machine key.

Cryptographic Operation:
	Operation:	Open Key.
	Return Code:	0x0

------------------------------------------------------------

Key file operation.

Subject:
	Security ID:		SYSTEM
	Account Name:		BEN_PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3E7

Process Information:
	Process ID:		5696
	Process Creation Time:	2018-07-14T14:46:59.595658200Z

Cryptographic Parameters:
	Provider Name:	Microsoft Software Key Storage Provider
	Algorithm Name:	UNKNOWN
	Key Name:	Ssh-Rsa
	Key Type:	Machine key.

Key File Operation Information:
	File Path:	C:\ProgramData\Microsoft\Crypto\Keys\<key file name omitted>
	Operation:	Read persisted key from file.
	Return Code:	0x0

------------------------------------------------------------

Key migration operation.

Subject:
	Security ID:		SYSTEM
	Account Name:		BEN_PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3E7

Process Information:
	Process ID:		5696
	Process Creation Time:	2018-07-14T14:46:59.595658200Z

Cryptographic Parameters:
	Provider Name:	Microsoft Software Key Storage Provider
	Algorithm Name:	RSA
	Key Name:	Ssh-Rsa
	Key Type:	Machine key.

Additional Information:
	Operation:	Export of persistent cryptographic key.
	Return Code:	0x0

----------------------------------------------------------

Cryptographic operation.

Subject:
	Security ID:		SYSTEM
	Account Name:		BEN_PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3E7

Cryptographic Parameters:
	Provider Name:	Microsoft Software Key Storage Provider
	Algorithm Name:	RSA
	Key Name:	Ssh-Rsa
	Key Type:	Machine key.

Cryptographic Operation:
	Operation:	Open Key.
	Return Code:	0x0

------------------------------------------------------------

Key file operation.

Subject:
	Security ID:		SYSTEM
	Account Name:		BEN_PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3E7

Process Information:
	Process ID:		5696
	Process Creation Time:	2018-07-14T14:46:59.595658200Z

Cryptographic Parameters:
	Provider Name:	Microsoft Software Key Storage Provider
	Algorithm Name:	UNKNOWN
	Key Name:	Ssh-Rsa
	Key Type:	Machine key.

Key File Operation Information:
	File Path:	C:\ProgramData\Microsoft\Crypto\Keys\<key file name omitted>
	Operation:	Read persisted key from file.
	Return Code:	0x0

Last edited by TheMohawkNinja (2018-07-14 16:40:54)

loqs

Member

Registered: 2014-03-06

Posts: 17,885

Re: [SOLVED] SSH into Windows permission denied

`ssh -vvv root@192.160.0.2` should provide more output that might explain the disconnect

ewaller

Administrator

From: Pasadena, CA

Registered: 2009-07-13

Posts: 20,057

Re: [SOLVED] SSH into Windows permission denied

So, you are hitting the Windows box and you are trying to log in as root.  Is that the user name you created on Windows?

---

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

ua4000

Member

Registered: 2015-10-14

Posts: 469

Re: [SOLVED] SSH into Windows permission denied

What happens, if you install and start Putty on Windows, and try to ssh with your credentials into Windows?

TheMohawkNinja

Member

Registered: 2017-07-11

Posts: 39

Re: [SOLVED] SSH into Windows permission denied

`ssh -vvv root@192.160.0.2` should provide more output that might explain the disconnect

I forgot about verbosity lol.

After a few hours of a rabbit hole of Google searches related to what outputted from that, I managed to track down the issue: Password authentication was commented out in the configuration file and the keys that generated were in someway corrupted or not being read correctly which led to OpenSSH Server service not starting.